SD-WAN: Saving Money and Increasing WAN Availability

April 29, 2019

By Lenildo Morais, Project Manager

SD-WAN Overview

Software-Defined Wide Area Networking (SD-WAN) is an emerging alternative to provisioned Multi-Protocol Label Switching (MPLS) circuits, providing distributed flexibility by using a centralized control model at the customer premises or within the cloud. SD-WANs are built on the core Software-Defined Networking (SDN) principle of strict separation of data and control planes. SD-WANs can manage multiple types of connections, including MPLS, LTE (News - Alert), and broadband cable or DSL, while delivering a variety of services, such as VPN, security and load-balancing. SD-WANs can be deployed much faster than an MPLS circuit, which must be provisioned by a service provider with a range of contractual Service Level Agreements (SLAs).

SD-WAN is a solution that has modified the panorama of management of distributed data networks, especially in the corporate branch. Strictly speaking, it is the ability to offer new possibilities against the traditional WAN Networks (matrix and branch), since a lot of the companies now centralize access in the matrix or store data and files in the cloud (Public or private cloud). Software-defined networks have shown many benefits, and traditional WANs, whose expiration dates seem to be coming to an end, were not designed to meet the demands of existing network management, traffic control, and applications.

Technological scholars are optimistic: It is estimated that 25% of companies will use SD-WAN as their solution by 2019. The software-defined option suggests better performance and flexibility, and lower maintenance cost compared to traditional WAN.

The SD-WAN solution can fully optimize your organization's network management, enabling benefits such as centralized management capabilities, improved data visibility, and increased automation, reducing complexity and contributing to IT department effectiveness. SD-WAN is a technique for using software to make wide area networks more intelligent and flexible. It typically begins with connecting sites directly to the Internet over commodity broadband links, instead of sending all traffic back to a regional office via private lines. Configurations and access policies are centrally managed and easily applied across all sites, removing the need to manually administer each WAN device individually.

Why is SD-WAN Important?

Digital transformation, the use of modern, cloud-based applications and technologies to empower new ways of doing business, is driving changes across every industry. The first step for many organizations is to ensure that their increasingly distributed workforce has safe, fast, always-on access from every appropriate location.

Unfortunately, traditional ways of connecting widely dispersed stores, branch offices, and remote offices often aren’t up to the challenge. Old hub-and-spoke networks built on private links can quickly buckle under the strain of Office 365, video training and teleconferencing, just to name a few examples. In such environments, IT faces a big challenge: How to optimize network performance without getting stuck on an endless treadmill of throwing money at the problem, upgrading hardware, and reconfiguring the network over and over.

Today, organizations need agile, flexible and cost-effective IT solutions if they want to compete effectively. They need solutions that are easy to implement, that are scalable and that meet the needs of growing businesses. Also, in a world where downtime can affect both reputation and the bottom line, they need to be confident that the networking solutions they choose are always on.

SD-WAN solves these problems and more, especially with new approaches that also bring enterprise scale and security. That's why it's becoming one of the most popular networking solutions available today.

The Difference Between WAN and SD-WAN

Just a few years ago, organizations looking to enhance their existing WAN environments would need to invest heavily in special network links, network equipment, and expertise in setting it all up. Then, they would often spend days – even weeks – configuring the equipment to function properly on their networks.

SD-WAN works differently. It lets organizations use whichever inexpensive Internet service provider (ISP) connections are available at each location, rather than requiring specific, expensive ones, such as MPLS lines from telecom providers. Many SD-WAN solutions even mix and match different connection technologies and ISPs intelligently, boosting the overall performance of the network at each site.

Configuration of all locations is done centrally, eliminating the need to manually edit setup files on each device. Administrators have full visibility across the entire network, not just a “peephole” glance into individual WAN routers, so they can understand what is happening and respond faster to incidents and potential problems. 

SD-WAN and Security

The promise of SD-WAN solutions over traditional MPLS-based WANs center around several fundamental aspects:

  • Improved performance
  • Better bandwidth allocation
  • Improved application policy enforcement
  • Improved network visibility
  • Lower costs.

However, with all these potential improvements, security concerns continue to be a focal point as more organization adopt SD-WANs, which shift IT organizations from the known world of centralized device level WAN deployments and move them to decentralized and distributed environments. Does this change the landscape and attack surface area? Are SDWANs a more structured approach to WAN and security servicing? The answer is yes to both.

Spirent’s (News - Alert) security and application testing solution, for instance, help our customer mange risks associated with security infrastructure. SD-WANs employ end-to-end encryption as a matter of course for all sites on an SDWAN infrastructure. This provides in-flight encryption for all data that will traverses an SD-WAN environment. While this universal level of encryption will keep traffic away from eavesdropping and other nefarious access, the impact to performance may not be obvious.


The successful validation of SD-WAN implementations will address the following concerns:

  • Scalability ­– Capability to bring-up and successfully operate hundreds or thousands of branch offices as required.
  • Security – SD-WAN has a large attack surface. Sensitive data must be securely accessed in an environment that is geographically dispersed, and open to multiple service providers and enterprise domains.
  • Reliability – Providing continuous availability for business-critical applications.
  • Performance – Key applications make use of expensive, dedicated bandwidth, but can burst to the cloud during peak utilization, preempting lower priority traffic and giving higher overall scale.

A properly validated SD-WAN will allow enterprises to focus on their core competencies instead of worrying about their branch connectivity. CPE (Customer Premises Equipment) is a key component of SD-WAN. The CPE receives policy from the centralized controller and is responsible for the local enforcement of that policy and managing access to the WAN resources. The virtualization of the CPE (vCPE) is one of the early NFV use cases being adopted by Service Providers. vCPE aligns well with the theme of centralized management and automation in SD-WAN, as it enables centralized provisioning in VNFs that constitute vCPE.  vCPE can be deployed in any of the following three flavors:

  • Cloud CPE – CPE functionality (e.g., NAT, Firewall) is deployed in the cloud at the Provider Edge.
  • On-premises OTT vCPE – More functionality (e.g., NAT, Firewall) is supported at the customer premises. Customer traffic is carried over a broadband connection.
  • On-premises vCPE – Customer traffic is carried over a dedicated link owned by the service provider.

SD-WAN and vCPE validation can be divided into three high-level test scenarios:

  1. Policy Validation
  2. Path Selection
  3. Resiliency/Fail-Over.

Spirent offers a comprehensive set of test tools and methodologies for automated validation of SD-WAN deployments in pre-deployment, turn-up and production phases.

The Benefits of SD-WAN

Many businesses or government agencies look to SD-WAN to reduce or eliminate their dependence upon slow, costly MPLS lines. However, that’s just the start of what SD-WAN can do for organizations.

  • Lower Connectivity Costs – SD-WAN can reduce ongoing operating expenses by switching from expensive MPLS lines to commodity broadband like fiber, cable, DSL, or even mobile technologies.
  • Higher Performance for cloud apps – With SD-WAN, new lines can be added quickly and easily to sites that need more capacity. By connecting sites directly to the internet, SD-WAN reduces the bottlenecks and delays that are common in older WANs.
  • Multiple Link Resilience – Traditional WAN environments usually have a single network link going into each location. With SD-WAN, multiple links from different ISPs can be used, eliminating a single point of failure that could take the network down.
  • Greater Agility – When you are opening up new branch offices, time is money. SD-WAN allows you to set up reliable and secure networks fast, using whichever ISPs are most appropriate to each location.
  • Optimized Use of Resources – SD-WAN enables you to intelligently assign key applications to different links, including internal lines as well as Internet connections, assigning different Quality of Service (QoS) guarantees to each. This lets you apply the right resources in each situation to maximize performance and productivity while minimizing cost.

How does SD-WAN help you to save money?

Among the main attributes of an SD-WAN solution are: support for various types of connections such as MPLS Network, dedicated link, internet, ADSL link, 4G, among others; the possibility of sharing workloads through connections; support for automatic provisioning of premium network services such as VPN, firewalls, WAN optimization, and control of application delivery. Here are some tips for optimizing your use of SD-WAN and how it can help you trim your company’s budget.

  • Increased performance and productivity – The SD-WAN solution enables traffic to be sent automatically and dynamically via the most appropriate WAN path, based on security conditions, service quality requirements and cost of the circuits. Routing policies for operation are defined by your network administrator. From the adoption of this technology, it is possible to optimize internal processes related to data management and corporate network management, which significantly improves application performance and staff productivity.
  • Fewer support costs – In the face of an SD-WAN solution, the recurrence of technical support is lower. The reduction of calls is due to the greater capacity of processing, storage and transmission of WAN networks defined by software in relation to the volume of data. The cloud structure is also a great facilitator when it comes to optimizing maintenance logistics. Everything can be done online, remotely, thanks to the resources provided by the cloud.
  • Maximum utilization of all available network connections – The SD-WAN solution enables automatic workload balancing and management of WAN network congestion for the best performance and the lowest cost of routing. It works as follows: when voice-over-IP (VoIP) traffic is not routed to an MPLS VPN service and the MPLS connection is congested, the SD-WAN can divert that traffic to a broadband a wireless 4G LTE circuit, allowing a better use of the available resources and ensuring the delivery of the packages.
  • Use of more affordable broadband links – The SD-WAN solution also measures the performance of WAN links in real time and instantly adapts to the shortcomings that the network may present.
  • Return on Investment – The SD-WAN solution is cost effective because it increases the reliability of WAN services, the Internet and the mobile connection, with a significant reduction in telecom costs. The SD-WAN approach allows you to solve various problems. Traditionally, managing the WAN has been one of the most expensive and inflexible items in the operation of a corporate network.

However, SD-WAN makes it easy to manage the capabilities of WAN devices because they are programmable and can be modified remotely and adjusted according to the needs of the environment. It is important to emphasize that the SD-WAN solution can be applied in companies of different segments adapting it in the best way to attend the internal processes and supply the needs.

These are only some of the topics that will be addressed at SD-WAN Expo 2020, February 12-14, in Ft. Lauderdale, Florida.  The conference will discuss not only the why and how of SD-WAN, but will explore live use cases explained by practitioners who have experienced the benefits firsthand.  If you’re interested in joining the conversation and sharing your SD-WAN experiences, the call for papers for SD-WAN Expo is currently open for submissions.  

Edited by Erik Linask

Get stories like this delivered straight to your inbox. [Free eNews Subscription]